aaa accounting command

mironduplessis · ‎07-11-2007

Hi,

I am having a problem getting the aaa acccount command to actually send any information to the my two ACS 4.1 servers. The servers are showing logs for Tacacs accounting but not tacacs Administration, so i am unable to see what commands my technicians are performing on the device.

Any thoughts.

Miron

mahmoodmkl · ‎07-11-2007

HI

Have u enable accounting for all the commands.Can u paste the config of aaa.

i think the command should be like this

aaa accounting commands 0 15 deafult start-stop group tacacs+

Thanks

Mahmood

mironduplessis · ‎07-11-2007

Mahmood,

These are the commands I currently have and they worked in the past. These are the same commands as on my 3750, 4500, 6500 etc.

The Group AccountingTAC is defined with two servers, which are doing the authentication successfully.

aaa accounting exec default start-stop group AccountingTAC

aaa accounting commands 0 default start-stop group AccountingTAC

aaa accounting commands 1 default start-stop group AccountingTAC

aaa accounting commands 2 default start-stop group AccountingTAC

aaa accounting commands 3 default start-stop group AccountingTAC

aaa accounting commands 4 default start-stop group AccountingTAC

aaa accounting commands 5 default start-stop group AccountingTAC

aaa accounting commands 6 default start-stop group AccountingTAC

aaa accounting commands 7 default start-stop group AccountingTAC

aaa accounting commands 8 default start-stop group AccountingTAC

aaa accounting commands 9 default start-stop group AccountingTAC

aaa accounting commands 10 default start-stop group AccountingTAC

aaa accounting commands 11 default start-stop group AccountingTAC

aaa accounting commands 12 default start-stop group AccountingTAC

aaa accounting commands 13 default start-stop group AccountingTAC

aaa accounting commands 14 default start-stop group AccountingTAC

aaa accounting commands 15 default start-stop group AccountingTAC

Richard Burts · ‎07-12-2007

Miron

Would I be correct in assuming that you were running on an older version of ACS, the accounting/administration logs worked, and then you upgraded to 4.1 and the administration logs stopped working? We ran into that situation at a customer site and discovered that it is a problem in the 4.1 version and that Cisco has a patch for this issue. We installed the patch and the administration reports are now working fine.

HTH

Rick

HTH

Rick

royalblues · ‎07-12-2007

Hi Rick is right,

This is a known issue, you need to apply patch ACS 4.1.1.23.5 to fix the issue.

Patch for appliance is availble on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-soleng-3des

Patch name : ACS SE 4.1.1.23.5 accumulative patch

Patch for acs windows is availble on

http://www.cisco.com/cgi-bin/tablebuild.pl/acs-win-3des

Patch Name : ACS 4.1.1.23.5 accumulative patch

HTH, rate if it does

Narayan

Jagdeep Gambhir · ‎07-12-2007

Hi Miron,

This is a known issue with acs running on 4.1.23 that it will not log tacacs admin logs. You need to apply patch for this.

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K15512731

Hope that helps !

Regards,

~JG

mironduplessis · ‎07-12-2007

Thanks for your help everyone, I applied the patch however now my Services will not start on the engine, out of the pan into the fire:-D, tried to do a rollback command and restart the servers but still does not start them.

Jagdeep Gambhir · ‎07-13-2007

Hi,

I would suggest you to reimage the appliance using recovery CD that you received with appliance and apply the patch again.

Regards,

mironduplessis · ‎07-13-2007

Hi,

I did that this morning, except havent applied the patches to the two servers.

Will apply the patch on the backup , and see if it fails again.

Miron

sohail_sarwar · ‎12-22-2010

Hi

I too applied the Patch and faced with same issue

Had to restore ACS backup

And the problem still persists

Cant see administration logs

any suggestions